WordPress Plugin ReDi Restaurant Reservation 21.0307 – ‘Comment’ Stored Cross-Site Scripting (XSS)

• Exploit Database
• 16 阅读

• 作者： Bastijn Ouwendijk
  日期： 2021-05-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49903/

• # Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
  # Date: 2021-05-10
  # Exploit Author: Bastijn Ouwendijk
  # Vendor Homepage: https://reservationdiary.eu/
  # Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/
  # Version: 21.0307 and earlier
  # Tested on: Windows 10
  # CVE : CVE-2021-24299
  # Proof: https://bastijnouwendijk.com/cve-2021-24299/
  
  Steps to exploit this vulnerability:
  
  1. Go to the page where [redirestaurant] is embed to make a restaurant reservation by filling in the requested information
  2. In the 'Comment' field of the restaurant reservation form put the payload: `<script>alert("XSS")</script>`
  3. Submit the form
  4. While being logged into WordPress as administrator go to ReDi Reservations > Upcoming (Tablet PC)
  5. Click on 'View upcoming reservations'
  6. Select for 'Show reservations for': 'This week'
  7. The reservations are loaded and two alerts are shown with text 'XSS'